<?php

  //////////////////////////////////////////////////////////////////
  // OrbitFAQ                                                     //
  // ---------                                                    //
  //                                                              //
  // Orbit FAQ was solely written and developed by Orbit Services //
  // http://www.orbitservices.net                                 //
  //                                                              //
  // Access the Forum here:                                       //
  // http://forums.orbitservices.net/index.php?c=4                //
  //                                                              //
  // OrbitFAQ utilises the following opensource projects/classes; //
  //  + Fckeditor - http://www.fckeditor.net                      //
  //  + Smarty Template Engine - http://smarty.php.net            //
  //  + Swift Email Class - http://www.swiftmailer.org/           //
  //  + OWASP PHP Filter Project - http://www.owasp.org           //
  //  + MySQL Search Class by Stephen Bartholomew                 //
  //                                                              //
  //////////////////////////////////////////////////////////////////

  $smarty->assign("OrbitFAQTitle","Login");

    if($action == 'login')
      {

        if($posted == "yes")
          {

          $posted_login = strip_tags($_POST['posted_login']); // Posted Email Address
          $posted_password = strip_tags($_POST['posted_password']); // Posted Password

          if(!$posted_login){ $error .= " &raquo; You did not enter a <u>Login</u><br />"; }
          if(!$posted_password){ $error .= " &raquo; You did not enter a <u>Password</u><br />"; }

          if(!$error)
            {

              $encrypt_password = md5($posted_password);

              // Lets Check Our Usename and Password
              $query_login = "SELECT * from `orbitfaq_users` WHERE `status` = '1' AND (`accesslvl` = 'admin' or `accesslvl` = 'superadmin')  AND `login` = '$posted_login' AND `password` = '$encrypt_password'";
              $result_login = $faqsql_query ($query_login)OR DIE( "$sql_query_error $query_login");
              $count_login = $faqsql_count_rows($result_login);

              if($count_login == '0')
                {
                  $error .= " &raquo; You did not enter a valid <u>Login & Password</u><br />";
                }

              while ($row_login = $faqsql_fetch_array ($result_login)){
                $login_id = $row_login[0];
                $login_name = $row_login[2];
                $fullname = $row_login[3];
                $accesslvl = $row_login[13];
              }
            }


          if(!$error)
            {

              session_register('orbitfaq_userid');
              $_SESSION['orbitfaq_userid'] = $login_id;

              session_register('orbitfaq_login');
              $_SESSION['orbitfaq_login'] = $posted_login;

              session_register('orbitfaq_fullname');
              $_SESSION['orbitfaq_fullname'] = $fullname;

              session_register('orbitfaq_accesslevel');
              $_SESSION['orbitfaq_accesslevel'] = $accesslvl;

              $message = "You have been successfully Logged In $fullname!";
              header("Location: index.php?message=$message");
              exit;

            }
          else
            {

              session_register('orbitfaq_accesslevel');
              $_SESSION['orbitfaq_accesslevel'] = 'none';
              $orbitfaq_accesslevel = $_SESSION['orbitfaq_accesslevel'];

              $message = 'You are not authenticated to access this page, please log in.';
              $smarty->assign("message","$message");

              $smarty->assign("orbitfaq_accesslevel","$orbitfaq_accesslevel");

              $smarty->assign("posted_login","$posted_login");
              $smarty->assign("Errors","$error");

            }

          }

          // Load our Listing Template
          $smarty_template_file = "$AdminFullPath/skins/$AdminSkin/mod_auth_loginform.tpl";


      } // End Login

    elseif($action == 'logout')
      {

        function session_clear() {
        // if session exists, unregister all variables that exist and destroy session
          $exists = "no";
          $session_array = explode(";",session_encode());
          for ($x = 0; $x < count($session_array); $x++) {
            $name  = substr($session_array[$x], 0, strpos($session_array[$x],"|"));
          if (session_is_registered($name)) {
            session_unregister('$name');
            $exists = "yes";
          }
          }
        if ($exists != "no") {
            session_destroy();
          }
        }
        session_clear();
        if(!session_is_registered(session_name())) {
          $message = "You have been successfully logged out";
        }else{
          $message = "<b>NOT LOGGED OUT!!</b><br />Please contact the system administrator.";
        }

        clearSmartyCompiled($SmartyCompileDir, $ClearSmartyCompiled);

        header("Location: index.php?message=$message");
        exit;

      } // End Logout
    elseif($action == 'register')
      {

        if($posted == 'yes')
          {
            // Lets sanitize our posted data
              $posted_fullname = strip_tags($_POST['posted_fullname']);
              $posted_login = fsanitize_email($_POST['posted_login']);
              $validate_email = checkEmail($posted_login);
              $posted_phone = strip_tags($_POST['posted_phone']);
              $posted_occupation = strip_tags($_POST['posted_occupation']);
              $posted_country = strip_tags($_POST['posted_country']);
              $posted_city = strip_tags($_POST['posted_city']);
              $posted_msn = strip_tags($_POST['posted_msn']);

              $generated_password = makeRandomPassword();
              $encrypted_generated_password = md5($generated_password);

              // Check if our email is in the system already
              $query_login = "SELECT * from `orbitfaq_users` WHERE `login` = '$posted_login'";
              $result_login = $faqsql_query ($query_login)OR DIE( "$sql_query_error $query_login");
              $count_login = $faqsql_count_rows($result_login);

              if(!$posted_fullname){ $error .= " &raquo; You did not enter a <u>Full Name</u><br />"; }
              if(!$posted_login){ $error .= " &raquo; You did not enter an <u>Email Address</u><br />"; }
              if($validate_email == '0'){ $error .= " &raquo; You did not enter a <u>Valid Email Address</u><br />"; }
              if($count_login != '0'){ $error .= " &raquo; You did not enter a <u>Unique Email Address</u>, maybe you should try the Forgotten Password Option<br />"; }

                if(!$error)
                  {

                    $register_date = date("Y-m-d H:i:s");

                    $query_add = "INSERT INTO `orbitfaq_users` (
                        `f_id`,
                        `login`,
                        `fullname`,
                        `password`,
                        `phone`,
                        `msn`,
                        `country`,
                        `city`,
                        `occupation`,
                        `register_date`
                      )VALUES(
                        '0',
                        '$posted_login',
                        '$posted_fullname',
                        '$encrypted_generated_password',
                        '$posted_phone',
                        '$posted_msn',
                        '$posted_country',
                        '$posted_city',
                        '$posted_occupation',
                        '$register_date'
                      );

                    ";
                    $result_add = $faqsql_query ($query_add)OR DIE( "$sql_query_error $query_add");

                    // Get our email address and email them the notice

                    $OurMessage = "<font face='verdana'>Thank you for your registration at <b>$OrbitFAQTitle</b><br /><br />";
                    $OurMessage .= "You are almost able to start using this system, but first you must validate this request<br />";
                    $OurMessage .= "Go to the following link to validate your registration<br />";
                    $OurMessage .= "$FaqAddress/members.php?action=validate&l=$posted_login&k=$encrypted_generated_password<br />";
                    $OurMessage .= "Once validated you can login using the following crudentials<br />";
                    $OurMessage .= "Login: $posted_login<br />";
                    $OurMessage .= "Password: $generated_password<br /><br />";
                    $OurMessage .= "Regards,<br /><b>OrbitFAQ Mailer</b>";

                    $OurTxtMessage = "Thank you for your registration at $OrbitFAQTitle\n\n";
                    $OurTxtMessage .= "You are almost able to start using this system, but first you must validate this request\n";
                    $OurTxtMessage .= "Go to the following link to validate your registration\n";
                    $OurTxtMessage .= "$FaqAddress/members.php?action=validate&l=$posted_login&k=$encrypted_generated_password\n\n";
                    $OurTxtMessage .= "Once validated you can login using the following crudentials\n";
                    $OurTxtMessage .= "Login: $posted_login\n";
                    $OurTxtMessage .= "Password: $generated_password\n\n";
                    $OurTxtMessage .= "Regards,\nOrbitFAQ Mailer\n";

                    // Lets check that they are using swift
                    // if version is ok then use swift
                    if(($phpv == '4')OR($phpv == '5'))
                      {
                        $swift =& new Swift(new Swift_Connection_SMTP("$smtp_hostname"));

                        if($email_format == 'text/html')
                          {
                            $RealMessage = $OurMessage;
                          }
                        else
                          {
                            $RealMessage = $OurTxtMessage;
                          }

                        //Create the message
                        $message =& new Swift_Message("$OrbitFAQTitle Registration", "$RealMessage", $email_format);

                        //Now check if Swift actually sends it
                        !$swift->send($message, $posted_login, "$default_email");
                      }
                    // if not then we will just use PHP mail functions.
                    else
                      {
                        $headers = "From: $default_email\r\n";
                        mail( $posted_login, "$OrbitFAQTitle Registration", $OurTxtMessage, $headers );
                      }

                    // Load our Listing Template
                    $smarty->assign("orbitfaq_accesslevel","$orbitfaq_accesslevel");

                    $template_file = "../../skins/$defaultSkin/members_register_success.tpl";
                    $smarty->display("file:$template_file");

                    clearSmartyCompiled($SmartyCompileDir, $ClearSmartyCompiled);
                    exit;

                  }

                $smarty->assign("posted_fullname","$posted_fullname");
                $smarty->assign("posted_login","$posted_login");
                $smarty->assign("posted_phone","$posted_phone");
                $smarty->assign("posted_msn","$posted_msn");
                $smarty->assign("posted_country","$posted_country");
                $smarty->assign("posted_city","$posted_city");
                $smarty->assign("posted_occupation","$posted_occupation");
                $smarty->assign("Errors","$error");

          }

          $smarty->assign("hide_login","1");

          $orbitfaq_accesslevel = $_SESSION['orbitfaq_accesslevel'];
          $smarty->assign("orbitfaq_accesslevel","$orbitfaq_accesslevel");

          // Load our Listing Template
          $template_file = "../../skins/$defaultSkin/members_$action.tpl";
          $smarty->display("file:$template_file");

          clearSmartyCompiled($SmartyCompileDir, $ClearSmartyCompiled);

      } // End Register
    elseif($action == 'validate')
      {

          // Get our variables
          $login = $_GET['l'];
          $key = $_GET['k'];


          $query_login = "SELECT * from `orbitfaq_users` WHERE `login` = '$login' AND `password` = '$key'";
          $result_login = $faqsql_query ($query_login)OR DIE( "$sql_query_error $query_login");
          $count_login = $faqsql_count_rows($result_login);

          if($count_login == '0')
            {
              $message = "We were unable to validate your account<br />";
            }

          while ($row_login = $faqsql_fetch_array ($result_login)){
            $login_id = $row_login[0];

              $query_update = "UPDATE `orbitfaq_users` SET
                  `status` = '1'
                  WHERE `id` = '$login_id'
                ;

              ";

              $result_update = $faqsql_query ($query_update)OR DIE( "$sql_query_error $query_update");

            $message = "Your account has been activated and you can now login using the crudentials in your email<br />";

          }

          $smarty->assign("hide_login","1");
          $smarty->assign("Message", $message);
          $smarty->assign("orbitfaq_accesslevel","$orbitfaq_accesslevel");

          // Load our Listing Template
          $template_file = "../../skins/$defaultSkin/members_$action.tpl";
          $smarty->display("file:$template_file");

          clearSmartyCompiled($SmartyCompileDir, $ClearSmartyCompiled);

      } // End Validate
    elseif($action == 'forgottenpassword')
      {

        if($posted == 'yes')
          {

              $posted_login = fsanitize_email($_POST['posted_login']);
              $validate_email = checkEmail($posted_login);

              $generated_password = makeRandomPassword();
              $encrypted_generated_password = md5($generated_password);

              $query_login = "SELECT * from `orbitfaq_users` WHERE `login` = '$posted_login'";
              $result_login = $faqsql_query ($query_login)OR DIE( "$sql_query_error $query_login");
              $count_login = $faqsql_count_rows($result_login);

              if(!$posted_login){ $error .= " &raquo; You did not enter an <u>Email Address</u><br />"; }
              if($count_login == '0'){ $error .= " &raquo; You did not enter a valid <u>Email Address</u> for our site<br />"; }

                if(!$error)
                  {

                    $query_update = "UPDATE `orbitfaq_users` SET `password` = '$encrypted_generated_password' WHERE `login` = '$posted_login';";
                    $result_update = $faqsql_query ($query_update)OR DIE( "$sql_query_error $query_update");

                    // Get our email address and email them the notice

                    $OurMessage = "<font face='verdana'>Please find your new password for <b>$OrbitFAQTitle</b> below<br /><br />";
                    $OurMessage .= "Login: $posted_login<br />";
                    $OurMessage .= "Password: $generated_password<br /><br />";
                    $OurMessage .= "Regards,<br /><b>OrbitFAQ Mailer</b>";

                    $OurTxtMessage = "Please find your new password for $OrbitFAQTitle below\n\n";
                    $OurTxtMessage .= "Login: $posted_login\n";
                    $OurTxtMessage .= "Password: $generated_password\n\n";
                    $OurTxtMessage .= "Regards,\nOrbitFAQ Mailer\n";

                    // Lets check that they are using swift
                    // if version is ok then use swift
                    if(($phpv == '4')OR($phpv == '5'))
                      {
                        $swift =& new Swift(new Swift_Connection_SMTP("$smtp_hostname"));

                        if($email_format == 'text/html')
                          {
                            $RealMessage = $OurMessage;
                          }
                        else
                          {
                            $RealMessage = $OurTxtMessage;
                          }

                        //Create the message
                        $message =& new Swift_Message("$OrbitFAQTitle New Password", "$RealMessage", $email_format);

                        //Now check if Swift actually sends it
                        !$swift->send($message, $posted_login, "$default_email");
                      }
                    // if not then we will just use PHP mail functions.
                    else
                      {
                        $headers = "From: $default_email\r\n";
                        mail( $posted_login, "$OrbitFAQTitle New Password", $OurTxtMessage, $headers );
                      }

                    $message = 'Your password has been generated and emailed to your email address.';

                    // Load our Listing Template
                    $smarty->assign("orbitfaq_accesslevel","$orbitfaq_accesslevel");
                    $smarty->assign("Message","$message");

                    $template_file = "../../skins/$defaultSkin/members_forgottenpassword_success.tpl";
                    $smarty->display("file:$template_file");

                    clearSmartyCompiled($SmartyCompileDir, $ClearSmartyCompiled);
                    exit;

                  }

          }


          $smarty->assign("hide_login","1");
          $smarty->assign("Errors","$error");

          // Load our Listing Template
          $template_file = "../../skins/$defaultSkin/members_$action.tpl";
          $smarty->display("file:$template_file");

          clearSmartyCompiled($SmartyCompileDir, $ClearSmartyCompiled);

      } // End Forgotten Password
    elseif($action == 'profile')
      {

        if($posted == "yes")
          {

            // Lets sanitize our posted data
              $posted_fullname = strip_tags($_POST['posted_fullname']);
              $posted_login = fsanitize_email($_POST['posted_login']);
              $validate_email = checkEmail($posted_login);
              $posted_phone = strip_tags($_POST['posted_phone']);
              $posted_occupation = strip_tags($_POST['posted_occupation']);
              $posted_country = strip_tags($_POST['posted_country']);
              $posted_city = strip_tags($_POST['posted_city']);
              $posted_msn = strip_tags($_POST['posted_msn']);

              $posted_pw1 = strip_tags($_POST['posted_pw1']);
              $posted_pw2 = strip_tags($_POST['posted_pw2']);

              if(($posted_pw)OR($posted_pw2))
                {
                  $encrypted_posted_pw = md5($posted_pw1);
                  if($posted_pw1 != $posted_pw2){ $error .= " &raquo; Your <u>Passwords</u> do not match!<br />"; }
                }

              // Check if our email is in the system already
              $query_login = "SELECT * from `orbitfaq_users` WHERE `login` = '$posted_login' AND `id` != '$orbitfaq_userid'";
              $result_login = $faqsql_query ($query_login)OR DIE( "$sql_query_error $query_login");
              $count_login = $faqsql_count_rows($result_login);

              if(!$orbitfaq_userid){ $error .= " &raquo; We are having a problem finding your session id<br />"; }
              if(!$posted_fullname){ $error .= " &raquo; You did not enter a <u>Full Name</u><br />"; }
              if(!$posted_login){ $error .= " &raquo; You did not enter an <u>Email Address</u><br />"; }
              if($validate_email == '0'){ $error .= " &raquo; You did not enter a <u>Valid Email Address</u><br />"; }
              if($count_login != '0'){ $error .= " &raquo; You did not enter a <u>Unique Email Address</u>, maybe you should try the Forgotten Password Option<br />"; }

              if(!$error)
                {

                  $query_update = "UPDATE `orbitfaq_users` SET
                        `login` = '$posted_login',
                        `fullname` = '$posted_fullname',
                        `phone` = '$posted_phone',
                        `msn` = '$posted_msn',
                        `country` = '$posted_country',
                        `city` = '$posted_city',
                        `occupation` = '$posted_occupation'
                      WHERE `id` = '$orbitfaq_userid'
                    ;

                  ";

                  $result_update = $faqsql_query ($query_update)OR DIE( "$sql_query_error $query_update");

                  if(($posted_pw)OR($posted_pw2))
                    {

                      $query_update = "UPDATE `orbitfaq_users` SET `password` = '$encrypted_posted_pw' WHERE `id` = '$orbitfaq_userid';";
                      $result_update = $faqsql_query ($query_update)OR DIE( "$sql_query_error $query_update");

                    }


                  clearSmartyCompiled($SmartyCompileDir, $ClearSmartyCompiled);

                  $message = "Profile Was Successfully Updated!";
                  header("Location: members.php?action=profile&message=$message");

                  exit;
                }

          }
        else
          {

            $query_login = "SELECT * from `orbitfaq_users` WHERE `id` = '$orbitfaq_userid'";
            $result_login = $faqsql_query ($query_login)OR DIE( "$sql_query_error $query_login");
            $count_login = $faqsql_count_rows($result_login);

            while ($row_login = $faqsql_fetch_array ($result_login)){
              $login_id = $row_login[0];
              $posted_login = $row_login[2];
              $posted_fullname = $row_login[3];
              $posted_phone = $row_login[5];
              $posted_msn = $row_login[6];
              $posted_country = $row_login[7];
              $posted_city = $row_login[8];
              $posted_occupation = $row_login[9];

            }

          }

          $smarty->assign("posted_fullname","$posted_fullname");
          $smarty->assign("posted_login","$posted_login");
          $smarty->assign("posted_phone","$posted_phone");
          $smarty->assign("posted_msn","$posted_msn");
          $smarty->assign("posted_country","$posted_country");
          $smarty->assign("posted_city","$posted_city");
          $smarty->assign("posted_occupation","$posted_occupation");
          $smarty->assign("Errors","$error");


          // Load our Listing Template
          $template_file = "../../skins/$defaultSkin/members_$action.tpl";
          $smarty->display("file:$template_file");

          clearSmartyCompiled($SmartyCompileDir, $ClearSmartyCompiled);

      } // End Profile
    else
      {
        clearSmartyCompiled($SmartyCompileDir, $ClearSmartyCompiled);

        header( "Location: index.php" ) ;
        exit;
      }

?>
